Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
I recently heard of an interesting risk associated with people ignoring (apparently) invalid results because they assume the computer displaying them is broken. The State Bank building in Sydney has lifts (elevators) which announce (with a North American accent) the current floor and lift direction each time the door opens. They also have a strip display above the door showing the date, time of day, temperature and such. While travelling to an appointment in this building, a friend noticed that according to the display the temperature was 63 degrees Celsius (about 145 Fahrenhieit). He naturally assumed this was some sort of error and ignored it. However when he went to leave the building fifteen minutes later, he found that the lifts were out of order due to a fire in the control room. So if you are ever in one of these lifts and the temperature display is a bit high, please notify the building management in case it's on fire. Greg Kable Honeywell Bull Australia ACSnet: gregk@ubo.honeywell.oz 124 Walker St, UUCP: uunet!munnari!ubo.honeywell.oz.au!gregk Nth Sydney, NSW, 2060 Phone: (02) 9239549
To: ICS@ruby-falls.ICS.UCI.EDU
Subject: Warning!
Date: Thu, 12 May 88 13:07:21 -0700
From: Tim Morgan <morgan@ruby-falls.ICS.UCI.EDU>
Everyone should be aware of the program described in the following
message. We don't want to have to restore any files for anyone...
Date: Tue, 10 May 88 12:48:16 PDT
From: Doug Fouts <fouts%krypton@hub.ucsb.edu>
To: jwills@venera.isi.edu
Subject: EMAIL WARNING
I have just been informed by a friend of mine here at U.C.S.B. that there
is a program being passed around via ARPAnet (and also some other computer
networks) that is called "turkey". The instructions that are sent with the
program say that when compiled and run the program will draw a nice picture
of a turkey. I have been informed that the program is a (not very funny)
joke. It does not draw a turkey, but it does erase all of the unprotected
files in your directory. You might want to pass this information along to
people you know who use the network, as I am doing.
Doug Fouts
Do RISKS Forum readers have anything to say about the following thought on
program trading:
The stock market is a closed-loop feedback control system. Prices fluctuate
based on the demand for stock or desire to sell it. The introduction of
computer-based trading which makes decisions on a very short time-scale,
introduces into the system a very rapid response time. In other feedback
control systems, it is necessary to introduce damping to avoid wild
oscillations, when you have a very fast response mechanism. The present stock
market automation system, including the program trading facilities, appears to
offer no damping at all. Is it legitimate to conclude that the system is an
example of an undamped feedback control and therefore prone to wildly
oscillatory behavior? Would some form of damping (limits on maximum stock value
excurions as a percentage of stock value, for instance) serve as an adequate
damper?
I am not a control theoretician, so my thought may simply be naive analogical
reasoning - I am prepared to be educated on the point.
Vint
[Program trading has been considered in RISKS-5.44, 5-52, 5-70, 6.1,
6.11, and 6.37. There were some earlier discussions on stable feedback
loops. Perhaps someone will venture a definitive response... PGN]
A Boeing Company Renton Division Safety Alert: SOARING PROBLEM: METALLIC HELIUM BALLOONS CAN CAUSE POWER OUTAGES. Metallic helium balloons — popular gifts during holidays, birthdays and other special events — are no longer allowed on Boeing sites because of the severe damage they can cause to electric power lines. The problem is that the balloons are often coated with one-1,000th of an inch of aluminum, which makes an excellent conductor of electricity. When a stray metallic balloon comes in contact with power lines, it can cause electricity to arc between transformers and sometimes cause live wires to fall to the ground threatening the safety of bystanders. In Antioch, California, last year, a balloon caused a 12-hour blackout in which a power surge fried the wires of microwave ovens, videocassette recorders and television sets. A power outage encompassing the entire Renton complex occurred February 9th when a metallic helium balloon touched a 55,000-volt power line west of the 10-50 building. A similar unscheduled power outage occurred last year when a metallic balloon came in contact with a power line north of the 10-50 building. Because of the serious and costly nature of the problem, no metallic balloons of any kind will be allowed on a Boeing site for any reason.
There is a good article on several manufacturers' attitudes toward aircraft
avionics in the April 16 issue of "Flight International." Airbus currently
feels that the test of fly-by-wire is in maintenance, rather than operational
reliability. They have multi-level redundancy on many systems, and enforced
strong separation of design teams for the redundant equipment. They used
different manufacturers for each level of redundancy, and made sure that
there were no common members of the software development teams. Nonetheless,
Airbus indicated that the airplane would have faced far stiffer certification
without the manual backup on the horizontal stabilizer and rudder (which,
ironically, crews are not being trained to use--despite a complete system
failure during testing).
A rather interesting portion of the article suggests that Boeing, in its
never ending quest to cut equipment weights, is considering getting rid of
many antiquated analog and digital computers--which provide a de facto
high degree of redundancy in a distributed computing environment--and re-
placing many of the systems with a single high-speed computer. This should
cause interesting problems.
An earlier reader indicated that there was a lawsuit being conducted in England
to stop the A320 from being utilized by British Airways. Apparently the
suit failed. British Airways accepted its first A320 a couple of weeks ago,
and should be starting route service about now. BA itself was quite concerned
about the cockpit design, and apparently put the airplane through extensive
testing. Information that I have suggests they don't really like the air-
plane, but can't get out of their commitments.
On another front, a more recent issue of "Flight International" suggests that
one reason for the A320's popularity with short-haul operators is that
Boeing was sluggish in releasing the 737-400, a large-capacity short-range
transport (with a glass cockpit, but manual controls). As a consequence,
Lufthansa is replacing all of its 727's with A320's, and plans on replacing
its DC-10's with A340's for cockpit commonality. It is also planning on
replacing all of its 747-200's with 747-400's, the all-glass, fly-by-wire 747.
Robert Dorsett, University of TX at Austin Internet: mentat@walt.cc.utexas.edu
UUCP:{ihnp4, allegra,decvax}!ut-emx!walt.cc.utexas.edu!mentat
A couple of details on the AirBus A320 Excerpts from an article published in the May issue of "Sciences & Vie Micro" (translated from the French original) When taking the plane [the A320], what is the probability that it will crash due to a software error? One chance in a million? Wrong! One chance in a billion and that for each hour of flight.
In reference to my earlier post on KAL 007, I should also point out that it has
been suggested (in Hirsh's book, if memory serves) that if the original
airplane waypoint (the start position on the ground, waypoint 0) is entered
incorrectly, the entire course will be translated somewhat. For this to occur,
the start position would have to be entered in intermix mode (BIG no-no), and
the INS's would have had to have been shut down before the flight. This is a
very important number, needless to say, and a traditionally high importance has
been assigned to its entry. It isn't a "casual entry." Even if it should be
entered in intermix mode, both the captain and first officer should cross-check
it. There is the possibility, though, that it could be derived from a map,
written down incorrectly, then entered properly--but from bad data. In this
case, the cross- check wouldn't produce any "errors." However, I do not
remember any major gripes reported about the KAL flight by ATC or other
authorities, which should have come up if this had happened, since the airplane
would have been off course practically from the minute it started its enroute
climb.
Another reader sent me email asking me to detail manual navigation alternatives
to automation. That wasn't exactly my point in the post. There doesn't seem
to be any alternative to computer-augmented systems, both from reliability and
safety standpoints. Rather, I'm concerned about the way they are supposed to
be used by their human operators. The current trend is to assign the pilot a
caretaker role, on the assumption that (a) the systems will never fail, and (b)
that the pilot is a manager of systems. Unfortunately (a) isn't true, and (b)
relegates the human pilot to the role of observer, which can produce operator
errors (largely out of boredom or apathy) or render him incapable to intervene
in the aircraft's welfare if a bona fide emergency should develop (as the China
Airlines flipover three years ago demonstrated).
But to answer the question (which may be of academic interest to the readers),
here are the main navigational aids and techniques which have been developed
over the years:
I. Techniques:
a. Dead reckoning. Assumes the pilot keeps track of airspeed and has some
knowledge of the winds. The relevant instruments are a magnetic compass,
airspeed indicator, a clock, and accurate weather information. An altimeter
would also be handy at higher altitudes. Dead reckoning requires the pilot to
be very much in the aircraft "loop." It is used with a variety of other
techniques these days.
b. Pilotage. In this mode, the pilot flies by reference to the ground.
Traditionally, it's flying by reference to ground features, but the definition
can be extended to incorporate ground-based radio navigation aids.
As one might guess from the rest of this article, we are moving away from
pilotage and back towards dead reckoning as a primary means of flight--with the
exception that it is all automated and the pilot is largely out of the loop.
II. Airborne systems:
1. ADF. Automatic direction finding. A ground-based navigational aid
(really, any source of electromagnetic radiation) "beams" undirected
electromagnetic radiation. The instrument on the airplane which interprets the
information appears as a needle with some sort of azimuth reference. On most
light airplanes, the ADF indicator is a fixed card with markings from 0 to 359
degrees. The aircraft heading is *always* 0 degrees; the card demonstrates a
relative offset. For example, if the airplane is pointed due south (180
degrees) and has an ADF bearing of 350 degrees, the navaid's magnetic bearing
is 170 degrees.
As technology improved, during the 50's a flux-gate gyro compass was installed
in many larger airplanes. Essentially, this looked like the fixed ADF card,
except it *moved*, and provided precise compass bearings. It did not suffer
from the usual gyro precession problems, due to the fact that it automatically
recalibrated itself. ADF needles were installed on it (usually two) and thus
provided an easy-to-read, precise synopsis of both the airplane's heading and
the exact magnetic bearing of the selected navigational aids. It removed one
level of computation from the pilot, but this is generally considered a Good
Thing; the old system was rather kludgy.
The ADF/flux-gate gyro compass is commonly called a Radio-Magnetic Indicator,
or RMI.
ADF systems generally have a limited range, due to the HF frequencies used.
50-75 miles tops, often quite less. They were also susceptible to atmospheric
problems, such as thunderstorms.
In modern navigation, the ADF equipment is almost exclusively used in executing
approaches in homing onto marker beacons.
2. VOR. Variable omnirange. A VOR is another ground-based aid, but
one which works with aircraft on-board systems to provide an illusion
of a "compass rose" emanating from the station. For example, if the
airplane is exactly south of the station, and has a bearing of 0 degrees
to it, it will be receiving the 180 radial. But that information pertains
to the airplane relative to the position to the station, and not the
airplane attitude itself: the airplane can be pointed in any direction
whatsoever and still receive the 180 radial.
VOR range is dependent on the slant range of the airplane to the navaid. VOR's
use the very high frequency (VHF) band range (108.00 to 119.95 MhZ) and do not
suffer any deterioration in performance due to atmospheric conditions. An
airplane flying at, say, 39,000 feet would be able to detect a station (with
sufficient broadcasting power) 300 nautical miles away.
VOR's provide the standard method of navigation. Four methods have been
developed to use this information:
a. The first was the course deviation indicator (CDI). This displays
information on how far away the airplane is from an arbitrary selected radial.
The "distance" information is in degrees of arc. It is neccessary to have some
way of specifying the desired radial.
To clarify this, the system detects which radial the airplane is currently
on, then calculates (mechanically) the offset to the desired radial.
b. Next complex is the VOR equivalent of the ADF RMI. This has the same
moving compass card, the same one or two needles, but instead of pointing
to VOR bearings, the needles indicate the radial the airplane is on. The
tail of each needle indicates the radial, while the head indicates
(radial + head) mod 360
No additional "selecting" hardware is necessary: the VOR indicator
is totally self-contained. Apart from selecting the station frequency, the
pilot need do nothing.
c. The Horizontal Situation Indicator (HSI) combines the flux-gate compass
with the CDI indicator. The CDI is mounted in the center of the instrument;
the gyro card moves around it.
The HSI is the central navigation instrument on nearly every jetliner.
It has replaced the CDI entirely. In addition to basic navigation
information, the controls which set the CDI can also be used to provide
inputs to the autopilot. There is a "bug" (pointer) which indicates
desired heading; this rotates around the compass card. The desired course
(the desired radial from/to the VOR station) can also be used to make
the autopilot fly an intercept.
d. A broad class of CRT navigational displays have come to replace the HSI on
the newest jets. For the old-timers' sake, most models can be set to operate
as a simple computer-generated HSI. There is also usually a mode which
incorporates the concept of area navigation. It displays a variety of
supplemental information, such as airplane track, a mini-map of radio aides,
etc. These devices often take inputs from flight management computers (such as
an INS). As one pilot recently remarked in a magazine, "I like it because I
don't have to think; the computer does all the work." Precisely the attitude
we wish to stimulate in our young pilots. One problem with the newer "area"
modes is that the display formats are not standardized, which can introduce
training and, later, operational difficulties.
3. Inertial Navigation Systems (INS's) made their entry in the late
60's and early 70's, first on the 747. The INS is an on-board system,
entirely self-contained. Theoretically, an INS fits the definition
of a dead reckoning aid. It is networked with most of the other computers
on board, and derives its own airspeed information, position data, etc.,
and generates a wide variety of information ranging from ground speed to
wind speed and direction. It's a neat gadget, and the provided features
are indispensible for trans-oceanic flight.
Common airline practice these days is to fly a flight with the INS.
The waypoints along the flight path are entered prior to departure,
and the INS is used to drive the autopilot. Pilots are expected to
use the VOR indicators for a fast, convenient verification that it's
working like it's supposed to. INS waypoints are normally indicated
on high-altitude maps, and it's fairly easy to verify that one is where
one is supposed to be by cross checking.
4. Distance Measuring Equipment. DME is sort of like a transponder
system, and provides slant range distance data between the airplane
and a ground station by interacting with the ground station. Nowadays,
most DME stations are collocated with VOR stations, either as VORTACs
(a military concept) or as two distinct units.
5. Astral navigation. On older airplanes, such as the 707 and some 727's, a
port on the cockpit ceiling was used to provide the navigator (a position which
no longer exists) the ability to determine the airplane's latitude from the
stars. Needless to say, this required a fairly high degree of training and was
somewhat prone to errors. Not many people mourne the passing of the
navigators; they pretty much disappeared by the mid-70's. It was cheaper to
buy an INS (or several) to take their place.
6. Doppler. Doppler was an airplane-based navigation system intended
to provide a realistic idea of airplane true airspeed and drift while
flying over water. This was then used with dead reckoning and astral
navigation to figure out where the airplane is and get it to its destination
safely. This method is not used anymore, either, although the equipment
is still installed on many airplanes.
7. LORAN. Loran was originally a navigation system intended for
commercial shipping. The receiver synchronizes very long frequency radio
emmissions from a handful of transmitting sites to determine an approximate
idea of its location. Most current units also have additional features.
Loran is very, very inexpensive, ranging from $600 on up. LORAN is commonly
installed on light aircraft, or as a backup system on corporate aircraft
or airliners.
8. Omega. Omega was a neat idea that never caught on in a big way.
Most Omega units use information from Omega/VLF stations scattered
around the planet to calculate a variety of statistical data, including
the approximate airplane position. Most Omega units include the ability
to conduct area navigation and commonly have a better-defined database
capability than most INS units. Omega installations are more expensive
than LORAN installations, and are commonly found on business jets or,
more rarely, as backup systems on airliners.
9. Flight performance systems.
There are two general classes of flight performance computers available. Most
of these systems are installed in more recent airliners and incorporate a wide
variety of features. In general, the distinction is whether they can drive the
autopilot; if they can, it's probable that they have their own inertial
navigation system.
Flight performance systems exist to squeeze the last dollar out of an
airplane's flight; they were developed at a time when fuel was more expensive,
but are retained due to efficiency considerations. There is, theoretically,
very limited wastage. Whereas the older INS systems flew an airplane on a
two-dimensional course, FMS's can be used to set a *three-dimensional* flight
path, from right after takeoff to pattern entry (or even landing) at the
destination airport. When coupled with the autopilot and autothrottle (an
autothrottle is a computer-controlled throttle system; until the A320, there
was a manual override for it), they can fly the airplane more efficiently and
more precisely than the human pilots.
Flight International reports that NASA's Langely Research division is
developing a four-dimensional flight performance computer, capable of
conducting a flight within five seconds of accuracy on 50 n.m. segments. As
one might guess, such a system would have to be tied into ATC and available on
most other aircraft to avoid traffic congestion problems.
The question now becomes: what're the pilots supposed to be doing?
The answer? "Managing." Not an entirely satisfying one, at that.
Now, you may ask: "What're they using on my next flight?"
707: Probably two INS's. HSI, ADF and VOR indicators with the RMI cards.
Primitive autopilot. Maybe a left-over Doppler, but it won't be used on the
flight.
727: Possibly two INS's, probably not. HSI, primitive autopilot, ADF and VOR
indicators with the RMI cards. Maybe a leftover Doppler system.
737: No INS's, HSI, ADF and VOR indicators with the RMI cards. Primitive
autopilot. On later -200's and -300's, a flight management system. Perhaps
glass CRT displays, but nothing revolutionary.
747: Three INS's, HSI, ADF and VOR indicators with the RMI cards. Nicely
designed autopilot. There may be one flight performance computer. With the
747-400, the INS's will be merged with the flight performance computers and the
traditional HSI, ADF, and VOR indicators will disappear to be replaced by CRT
displays with an unproven (in terms of human interaction) design.
757, 767: The first generation of airliners with glass cockpits. Each
pilot's flight director (artificial horizon) and HSI is replaced by
a CRT screen. The HSI has the HSI/area navigation mode option. The
airspeed, altitude, vertical speed guages bracket the CRT's. There are
also two engine diagnostic displays on the center panel.
DC-9: Pretty much the same equipment as on the 737.
MD-8X: pretty much the same as the 737-300.
DC-10: more or less the same as the 747.
MD-11: pretty much the same as the 747-400.
Robert Dorsett, University of TX at Austin Internet: mentat@walt.cc.utexas.edu
UUCP:{ihnp4, allegra,decvax}!ut-emx!walt.cc.utexas.edu!mentat
Please report problems with the web pages to the maintainer